Re: SSL and redirect

From: "Hithesh Ranchhod" <hithesh.ranchhodNOSPAM@andrew.com>
Date: Thu, 30 Jan 2003 10:54:00 -0600


Kevin,

My understanding is that in the current version of ASP.NET, formsauth will
redirect based on what the incoming file state was in. So if you are coming
in https://, you will be forwarded in https://. Same for http://.

There is a security issue if you hop between https and http with the forms
auth cookie as it can be "sniffed" when in http mode and whoever is
listening could steal the login.

I pretty much locked down applications to https only, after users logged in.

I don't have much info on the dummy cert you require. Maybe you can get a
demo one from Verisign for dev purposes only?

"Kevin Burton" <kevin_burton@baxter.com> wrote in message
news:05c901c2c16e$79a64ba0$89f82ecf@TK2MSFTNGXA01...
>
> I noticed that you did not receive any replies to your
> query. Were you able to research and find out anything
> else? Any information that you found about using SSL would
> be greatly appreciated.
>
> I am just beginning to investigate using SSL and
> certificates. I am running up against the documentation
> that seems to favor the Web Server Certificate Wizard
> (which in my case requires a separate dedicated server),
> versus using the .NET makecert utility (of which there
> seems to be little documentation). I would like to use
> makecert to generate a dummy certificate for the purposes
> of testing SSL (performance etc.) I don't know how to do
> this right now.
>
> Thank you for your time.
>
> Sincerely,
>
> Kevin
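
The cookie exposure described in the reply can be checked from response headers: a forms auth cookie issued without the Secure attribute is sent by the browser on any later http:// request to the same host. The following is an added example, not part of the original thread; it assumes ASP.NET's default forms cookie name `.ASPXAUTH`, and the sample headers are constructed.

```python
# Added example: audit Set-Cookie headers for a forms-auth ticket that could
# travel over plain HTTP. ".ASPXAUTH" is ASP.NET's default forms cookie name
# (assumption: override auth_names if <forms name="..."> is set in web.config).

def parse_set_cookie(header):
    """Return (cookie name, set of lowercase attribute names) for one header value."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_auth_cookies(scheme, set_cookie_headers, auth_names=(".ASPXAUTH",)):
    """Return sorted (cookie_name, finding) pairs for auth cookies at risk.

    scheme is the scheme of the request that produced the response.
    """
    wanted = {n.lower() for n in auth_names}  # lenient match for auditing
    findings = set()
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if name.lower() not in wanted:
            continue  # only the login ticket matters here
        if scheme.lower() != "https":
            # The ticket already crossed the wire in clear text.
            findings.add((name, "issued-over-http"))
        if "secure" not in attrs:
            # The browser will replay it on any later http:// request.
            findings.add((name, "missing-secure-attribute"))
    return sorted(findings)


# Constructed sample responses (not captured from a real site).
LOGIN_OVER_HTTPS_NO_FLAG = ["ASP.NET_SessionId=abc123; path=/; HttpOnly",
                            ".ASPXAUTH=0A1B2C3D; path=/; HttpOnly"]
LOGIN_OVER_HTTPS_LOCKED = [".ASPXAUTH=0A1B2C3D; path=/; secure; HttpOnly"]
LOGIN_OVER_HTTP = [".ASPXAUTH=0A1B2C3D; path=/"]

if __name__ == "__main__":
    for label, scheme, headers in [
        ("https, no Secure flag", "https", LOGIN_OVER_HTTPS_NO_FLAG),
        ("https, Secure flag set", "https", LOGIN_OVER_HTTPS_LOCKED),
        ("login page served over http", "http", LOGIN_OVER_HTTP),
    ]:
        print(label, "->", audit_auth_cookies(scheme, headers))
```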


